I never liked the way restricting bank accounts is implemented. I did it because it was very important for some businesses to be able to give users access to certain bank accounts only. But it’s not the right solution. There are some surprising mechanics, which is not good.
As for user permissions in general, currently, it’s implemented by selecting what screens users can see, can’t see, and what they can do on these screens. Yes, it needs to be improved. Some users want to further restrict what columns can be seen.
What @Abeiku is proposing is also logical, and I don’t see it as a replacement for what we currently have. I see it more as another layer. For example, if you restrict access to certain customers on the data layer, then Manager can still show you their invoices, but the customer name will say [Redacted].
This way, we keep it still somewhat visual. We won’t imply that if you don’t have access to customers, you can’t see anything that the customer could be possibly linked to. Customers can be linked to many things.
Anyway, this is not a bug, more like a feature request to extend user permissions by some kind of data layer. And I think the ability to select which bank accounts a user can access belongs to this “data layer.”